Total: 14188 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41515 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-10 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. | |||||
| CVE-2022-42073 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-10-10 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. | |||||
| CVE-2022-42074 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-10-10 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. | |||||
| CVE-2022-41377 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2022-10-10 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. | |||||
| CVE-2022-41378 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2022-10-10 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory. | |||||
| CVE-2022-41513 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-10-09 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php. | |||||
| CVE-2022-27379 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-27378 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-41355 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2022-10-07 | N/A | 7.2 HIGH |
| Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department. | |||||
| CVE-2018-5696 | 1 Ijoomla | 1 Ad Agency | 2022-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php. | |||||
| CVE-2022-28815 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2022-10-07 | N/A | 2.7 LOW |
| In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service. | |||||
| CVE-2022-22794 | 1 Cybonet | 1 Pineapp Mail Secure | 2022-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| Cybonet - PineApp Mail Relay Unauthenticated SQL Injection. An attacker can send a request to /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1, /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1, /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 or /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and, by doing that, the attacker can run Remote Code Execution in a one-liner. | |||||
| CVE-2020-27733 | 1 Zohocorp | 1 Manageengine Applications Manager | 2022-10-07 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | |||||
| CVE-2020-10381 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2022-10-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names. | |||||
| CVE-2020-13381 | 1 Os4ed | 1 Opensis | 2022-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| openSIS through 7.4 allows SQL Injection. | |||||
| CVE-2016-4507 | 1 Bosch | 1 Bladecontrol-webvis | 2022-10-06 | 5.5 MEDIUM | 6.4 MEDIUM |
| SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2020-36002 | 1 Seat-reservation-system Project | 1 Seat-reservation-system | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH |
| Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information. | |||||
| CVE-2019-9204 | 1 Nagios | 1 Incident Manager | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | |||||
| CVE-2022-29009 | 1 Cyber Cafe Management System Project | 1 Cyber Cafe Management System | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allow attackers to bypass authentication. | |||||
| CVE-2020-13589 | 1 Rukovoditel | 1 Rukovoditel | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields' page (mulitple_edit or copy_selected or export function) is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. | |||||
